202009_风二西_USB鼠标流量
Tags:流量分析,USB鼠标,gnuplot
0x00. 题目
附件路径:https://pan.baidu.com/s/1GyH7kitkMYywGC9YJeQLJA?pwd=Zmxh#list/path=/CTF附件
附件名称:202009_风二西_USB鼠标
0x01. WP
1. 脚本解析USB鼠标流量,导出点击轨迹
getUSBMouse.py
# -*- coding: utf-8 -*-
import pyshark, os
# 尝试合并http响应的所有TCP包
# 初始化pyshark参数
# pyshark settings: directory holding tshark.exe, the capture to read, and the
# display filter applied to it (an empty filter keeps every frame).
strTsharkPath = 'D:\\=Green=\\Wireshark\\App\\Wireshark\\'
strCapPath = 'test2.pcapng'
strFomula = ''
# Per-frame debug log written by log_write(); flip blnLog to False to silence it.
strlog = 'output.log'
blnLog = True
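def file_remove(filepath):
    """Delete *filepath* if it exists; a missing file is not an error.

    Args:
        filepath: path of the file to remove.

    This is a best-effort cleanup of the previous run's log, so any OSError
    (file not found, permission denied, path is a directory) is deliberately
    swallowed. Only OSError is caught: the original bare ``except`` would also
    have hidden KeyboardInterrupt and programming errors such as a NameError.
    """
    try:
        os.remove(filepath)
    except OSError:
        pass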
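def log_write(filecontent):
    """Append one line to the debug log named by the module global ``strlog``.

    Args:
        filecontent: text to write; a trailing newline is added.

    Does nothing when the module flag ``blnLog`` is False. The file is opened
    in append mode inside ``with`` so the handle is always released; the
    original closed it only when the write succeeded.
    """
    if not blnLog:
        return
    with open(strlog, "a", encoding="utf-8") as fh:
        fh.write(filecontent + "\n")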
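# Start every run from an empty debug log.
file_remove(strlog)


def _to_signed8(value):
    """Reinterpret a 0..255 byte as a signed 8-bit integer (-128..127).

    The X/Y bytes of the HID report are two's-complement deltas. The original
    script used the thresholds 127/256 for X but 120/264 for Y; the latter is
    not a valid two's-complement conversion (121..127 become -143..-137 and
    128..255 become -136..-9), which distorts the plotted Y axis. Both axes now
    use the same conversion.
    """
    return value - 256 if value > 127 else value


def _parse_mouse_report(hid_data):
    """Split a pyshark ``usbhid_data`` string into ``(button, dx, dy)``.

    Args:
        hid_data: colon-separated hex bytes, e.g. ``01:00:fa:ff:ff:00``.
            As in the original script, index 1 is the button byte
            (1 = left, 2 = right, 0 = none), index 2 the X delta and
            index 3 the Y delta.

    Returns:
        A tuple ``(button, dx, dy)`` with the deltas already sign-extended.

    Raises:
        ValueError: a field is not valid hex.
        IndexError: fewer than four fields are present.
    """
    fields = hid_data.split(":")
    button = int(fields[1], 16)
    dx = _to_signed8(int(fields[2], 16))
    dy = _to_signed8(int(fields[3], 16))
    return button, dx, dy


# tshark_path is a hard-coded Windows directory (see strTsharkPath above);
# adjust it for the machine that runs this script.
cap = pyshark.FileCapture(strCapPath, display_filter=strFomula, tshark_path=strTsharkPath)
intTmp = 0      # frames processed, reported at the end
posx = 0        # running cursor position, accumulated from every report
posy = 0
try:
    # ``with`` guarantees result.txt is flushed and closed even if pyshark
    # raises part-way through the capture.
    with open('result.txt', 'w') as result:
        for pkt in cap:
            intRequestNumber = pkt.number
            log_write("=" * 32)
            log_write("Frame No.: %d" % int(intRequestNumber))
            for layer in pkt.layers:
                log_write("layer name: " + layer.layer_name)
                log_write("\t" + str(layer.field_names))
                # Only the DATA layer carries the HID mouse report.
                if str(layer.layer_name) != "DATA":
                    continue
                try:
                    strUSBData = str(layer.usbhid_data)
                    print(strUSBData)
                    blnButton, x, y = _parse_mouse_report(strUSBData)
                except (AttributeError, ValueError, IndexError):
                    # DATA layer without a well-formed HID report: skip it.
                    # These three are the failures the original bare
                    # ``except: pass`` was masking; anything else now surfaces.
                    continue
                # Position is accumulated for every report; only left-button
                # (drag) positions are written out as the trace to plot.
                posx += x
                posy += y
                if blnButton == 1:
                    # Y is negated so the gnuplot output is not vertically
                    # mirrored (presumably because screen Y grows downward).
                    result.write(str(posx) + ' ' + str(-posy) + '\n')
            # Counted per frame; the summary message speaks of requests, and the
            # original's flattened indentation did not make the level certain.
            intTmp += 1
finally:
    cap.close()
log_write("共分析出%d个请求。" % intTmp)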
2. 解析坐标轨迹
gnuplot.exe -e "plot 'result.txt'" -p

0x02. 附 gnuplot安装简易教程
下载地址:https://sourceforge.net/projects/gnuplot/files/gnuplot/